Skip to content

[TOAZ-363] Allow UAMI accounts to be added to service admin whitelist #1466

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: develop
Choose a base branch
from
Open

[TOAZ-363] Allow UAMI accounts to be added to service admin whitelist #1466

wants to merge 3 commits into from

Conversation

@bennettn4
Copy link
Contributor

Ticket: (https://broadworkbench.atlassian.net/browse/TOAZ-363)

What:

UAMI accounts do not have OIDC_email field populated through accesstoken, need to be dynamically built from b2cid

Why:

Needed if Thurloe is running as a user assigned managed identity on azure and needs service account admin whitelist

How:

Additional check in service account admin whitelist based UAMI email

PR checklist

  • I've followed the instructions if I've made any changes to the API, especially if they're breaking changes
  • I've filled out the Security Risk Assessment (requires Broad Internal network access) and attached the result to the JIRA ticket

@bennettn4
allow uami accounts to be serviceAccountAdmins
f3dc122 
UAMI accounts will not have oidc email field populated through token, need to be dynamically built
Needed if Thurloe is running as an UAMI and needs service account admin whitelist
bennettn4 added 2 commits July 1, 2024 10:29
@bennettn4
boolean logic update and helper function
ea35970 
Swapped boolean logic to allow if either condition is true as opposed to reject if both conditions are false
Added helper function to verify email oidcHeader is empty to clean up logic in route slightly and remove edge case of [email protected] being a potentially valid value in serviceAccountAdmin configuration
@bennettn4
Merge branch 'develop' into bennettn/sam-integration-thurloe-on-azure
50a7842
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jul 1, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@bennettn4 bennettn4 requested a review from dvoet July 2, 2024 02:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@dvoet dvoet dvoet approved these changes

Reviewers whose approvals may not affect merge requirements

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

on hold

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bennettn4 @dvoet @davidangb